[Samba] freeradius + NTLM + samba AD 4.5.x
Andrew Bartlett
abartlet at samba.org
Tue Mar 27 00:32:46 UTC 2018
On Mon, 2018-03-26 at 13:37 +0100, Rowland Penny via samba wrote:
>
>
> Have you ever heard of 'wannacry' ? or to put it another way 'VERY
> insecure'
To be clear, NTLMv1 and wannacry are unrelated. (Wannacry/wannacrypt
used an SMBv1 exploit, but NTLMv1 is negotiable without SMBv1).
NTLMv1 is quite insecure, in that it was 24 hours and 100 USD of cloud
credit to crack a couple of years back.
Avoiding both is of course still a really good idea.
SMBv1 isn't so much an insecure protocol as that SMBv2 has the fortune
of being implemented more recently, after coding techniques improved
both in the Samba Team and at Microsoft (and SMBv2 has some good
security features in the more recent versions).
So, retiring SMBv1 allows us to retire a lot of code that was written
in the 1990's, which is a good thing.
I hope this clarifies things,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list